CNNVD-202512-819 Information

CNNVD ID

CNNVD-202512-819

Related CVE

CVE-2025-14198

• CNNVD Published: 2025-12-07

Description (Chinese)

Verysync是中国微力同步（Verysync）公司的一个私人文件同步和备份软件。 Verysync 2.21.3版本存在访问控制错误漏洞，该漏洞源于组件Web Administration Module中文件/safebrowsing/clientreport/download?key=dummytoken的错误操作，可能导致信息泄露。

Description (English)

Verysync is a private file synchronization and backup software for Verysync. Version Verysync 2.21.3 contains a bug in access control resulting from the error of file/safebrowsing/centreport/download?key=dummytoken of the component Web Administration Module, which could lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

微力同步

Published

2025-12-07

Last Modified

2026-02-24

References

https://vuldb.com/?id.334618 https://vuldb.com/?submit.699533 https://github.com/jjjjj-zr/jjjjjzr/issues/7 https://vuldb.com/?ctiid.334618 https://access.redhat.com/security/cve/cve-2025-14198